mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-25 00:53:49 +01:00
Don't modify CONFDIR and SHAREDIR in the shell code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
348c99c7d0
commit
9e506d797a
@ -39,10 +39,10 @@ if [ -z "$g_readrc" ]; then
|
|||||||
. /usr/share/shorewall/shorewallrc
|
. /usr/share/shorewall/shorewallrc
|
||||||
|
|
||||||
g_libexec="$LIBEXECDIR"
|
g_libexec="$LIBEXECDIR"
|
||||||
g_sharedir="$SHAREDIR"
|
g_sharedir="$SHAREDIR"/$g_program
|
||||||
g_sbindir="$SBINDIR"
|
g_sbindir="$SBINDIR"
|
||||||
g_vardir="$VARDIR"
|
g_vardir="$VARDIR"
|
||||||
g_confdir="$CONFDIR"
|
g_confdir="$CONFDIR"/$g_program
|
||||||
g_readrc=1
|
g_readrc=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -50,39 +50,27 @@ g_basedir=${SHAREDIR}/shorewall
|
|||||||
|
|
||||||
case $g_program in
|
case $g_program in
|
||||||
shorewall)
|
shorewall)
|
||||||
SHAREDIR=${SHAREDIR}/shorewall
|
|
||||||
CONFDIR=${CONFDIR}/shorewall
|
|
||||||
g_product="Shorewall"
|
g_product="Shorewall"
|
||||||
g_family=4
|
g_family=4
|
||||||
g_tool=
|
g_tool=
|
||||||
g_basedir=${SHAREDIR}/shorewall
|
|
||||||
g_lite=
|
g_lite=
|
||||||
;;
|
;;
|
||||||
shorewall6)
|
shorewall6)
|
||||||
SHAREDIR=${SHAREDIR}/shorewall6
|
|
||||||
CONFDIR=${CONFDIR}/shorewall6
|
|
||||||
g_product="Shorewall6"
|
g_product="Shorewall6"
|
||||||
g_family=6
|
g_family=6
|
||||||
g_tool=
|
g_tool=
|
||||||
g_basedir=${SHAREDIR}/shorewall
|
|
||||||
g_lite=
|
g_lite=
|
||||||
;;
|
;;
|
||||||
shorewall-lite)
|
shorewall-lite)
|
||||||
SHAREDIR=${SHAREDIR}/shorewall-lite
|
|
||||||
CONFDIR=${CONFDIR}/shorewall-lite
|
|
||||||
g_product="Shorewall Lite"
|
g_product="Shorewall Lite"
|
||||||
g_family=4
|
g_family=4
|
||||||
g_tool=iptables
|
g_tool=iptables
|
||||||
g_basedir=${SHAREDIR}/shorewall-lite
|
|
||||||
g_lite=Yes
|
g_lite=Yes
|
||||||
;;
|
;;
|
||||||
shorewall6-lite)
|
shorewall6-lite)
|
||||||
SHAREDIR=${SHAREDIR}/shorewall6-lite
|
|
||||||
CONFDIR=${CONFDIR}/shorewall6-lite
|
|
||||||
g_product="Shorewall6 Lite"
|
g_product="Shorewall6 Lite"
|
||||||
g_family=6
|
g_family=6
|
||||||
g_tool=ip6tables
|
g_tool=ip6tables
|
||||||
g_basedir=${SHAREDIR}/shorewall6-lite
|
|
||||||
g_lite=Yes
|
g_lite=Yes
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -204,7 +192,7 @@ mutex_off()
|
|||||||
rm -f ${LOCKFILE:=${VARDIR}/lock}
|
rm -f ${LOCKFILE:=${VARDIR}/lock}
|
||||||
}
|
}
|
||||||
|
|
||||||
[ -z "$LEFTSHIFT" ] && . ${g_sharedir}/shorewall/lib.common
|
[ -z "$LEFTSHIFT" ] && . ${g_basedir}/lib.common
|
||||||
|
|
||||||
#
|
#
|
||||||
# Validate an IP address
|
# Validate an IP address
|
||||||
@ -362,7 +350,7 @@ ip_vlsm() {
|
|||||||
#
|
#
|
||||||
ensure_config_path() {
|
ensure_config_path() {
|
||||||
local F
|
local F
|
||||||
F=${SHAREDIR}/configpath
|
F=${g_sharedir}/configpath
|
||||||
if [ -z "$CONFIG_PATH" ]; then
|
if [ -z "$CONFIG_PATH" ]; then
|
||||||
[ -f $F ] || { echo " ERROR: $F does not exist"; exit 2; }
|
[ -f $F ] || { echo " ERROR: $F does not exist"; exit 2; }
|
||||||
. $F
|
. $F
|
||||||
|
|||||||
@ -31,13 +31,13 @@ if [ -z "$g_readrc" ]; then
|
|||||||
. /usr/share/shorewall/shorewallrc
|
. /usr/share/shorewall/shorewallrc
|
||||||
|
|
||||||
g_libexec="$LIBEXECDIR"
|
g_libexec="$LIBEXECDIR"
|
||||||
g_sharedir="$SHAREDIR"
|
|
||||||
g_sbindir="$SBINDIR"
|
g_sbindir="$SBINDIR"
|
||||||
g_confdir="$CONFDIR"
|
g_confdir="$CONFDIR"/$g_program
|
||||||
|
g_sharedir="$SHAREDIR"/$g_program
|
||||||
g_readrc=1
|
g_readrc=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
. ${g_sharedir}/shorewall/lib.base
|
. ${SHAREDIR}/shorewall/lib.base
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -559,11 +559,11 @@ version_command() {
|
|||||||
[ $# -gt 0 ] && usage 1
|
[ $# -gt 0 ] && usage 1
|
||||||
|
|
||||||
if [ -n "$all" ]; then
|
if [ -n "$all" ]; then
|
||||||
echo "shorewall-core: $(cat $g_sharedir/shorewall/coreversion)"
|
echo "shorewall-core: $(cat $g_sharedir/coreversion)"
|
||||||
|
|
||||||
for product in shorewall shorewall6 shorewall-lite shorewall6-lite shorewall-init; do
|
for product in shorewall shorewall6 shorewall-lite shorewall6-lite shorewall-init; do
|
||||||
if [ -f $g_sharedir/$product/version ]; then
|
if [ -f $g_sharedir/version ]; then
|
||||||
echo "$product: $(cat $g_sharedir/$product/version)"
|
echo "$product: $(cat $g_sharedir/version)"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
@ -853,7 +853,7 @@ show_command() {
|
|||||||
show_routing
|
show_routing
|
||||||
;;
|
;;
|
||||||
config)
|
config)
|
||||||
. ${SHAREDIR}/configpath
|
. ${g_sharedir}/configpath
|
||||||
if [ -n "$g_filemode" ]; then
|
if [ -n "$g_filemode" ]; then
|
||||||
echo "CONFIG_PATH=$CONFIG_PATH"
|
echo "CONFIG_PATH=$CONFIG_PATH"
|
||||||
echo "VARDIR=$VARDIR"
|
echo "VARDIR=$VARDIR"
|
||||||
@ -925,10 +925,10 @@ show_command() {
|
|||||||
echo "forwardUPnP # Allow traffic that upnpd has redirected from"
|
echo "forwardUPnP # Allow traffic that upnpd has redirected from"
|
||||||
echo "rejNotSyn # Silently Reject Non-syn TCP packets"
|
echo "rejNotSyn # Silently Reject Non-syn TCP packets"
|
||||||
|
|
||||||
if [ -f ${CONFDIR}/actions ]; then
|
if [ -f ${g_confdir}/actions ]; then
|
||||||
cat ${SHAREDIR}/actions.std ${CONFDIR}/actions | grep -Ev '^\#|^$'
|
cat ${g_sharedir}/actions.std ${g_confdir}/actions | grep -Ev '^\#|^$'
|
||||||
else
|
else
|
||||||
grep -Ev '^\#|^$' ${SHAREDIR}/actions.std
|
grep -Ev '^\#|^$' ${g_sharedir}/actions.std
|
||||||
fi
|
fi
|
||||||
|
|
||||||
return
|
return
|
||||||
@ -2981,7 +2981,7 @@ shorewall_cli() {
|
|||||||
VERBOSE=
|
VERBOSE=
|
||||||
VERBOSITY=
|
VERBOSITY=
|
||||||
|
|
||||||
[ -n "$g_lite" ] || . ${g_sharedir}/shorewall/lib.cli-std
|
[ -n "$g_lite" ] || . ${g_basedir}/lib.cli-std
|
||||||
|
|
||||||
finished=0
|
finished=0
|
||||||
|
|
||||||
@ -3086,7 +3086,7 @@ shorewall_cli() {
|
|||||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||||
MUTEX_TIMEOUT=
|
MUTEX_TIMEOUT=
|
||||||
|
|
||||||
[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir
|
[ -f ${g_confdir}/vardir ] && . ${g_confdir}/vardir
|
||||||
|
|
||||||
[ -n "${VARDIR:=/var/lib/$g_program}" ]
|
[ -n "${VARDIR:=/var/lib/$g_program}" ]
|
||||||
|
|
||||||
@ -3096,7 +3096,7 @@ shorewall_cli() {
|
|||||||
|
|
||||||
g_firewall=${VARDIR}/firewall
|
g_firewall=${VARDIR}/firewall
|
||||||
|
|
||||||
version_file=$SHAREDIR/version
|
version_file=${g_sharedir}/version
|
||||||
if [ -f $version_file ]; then
|
if [ -f $version_file ]; then
|
||||||
SHOREWALL_VERSION=$(cat $version_file)
|
SHOREWALL_VERSION=$(cat $version_file)
|
||||||
else
|
else
|
||||||
|
|||||||
@ -676,7 +676,7 @@ find_file()
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
echo ${CONFDIR}/$1
|
echo ${g_confdir}/$1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|||||||
@ -168,40 +168,36 @@ sub generate_script_2() {
|
|||||||
emit( 'g_family=4' );
|
emit( 'g_family=4' );
|
||||||
|
|
||||||
if ( $export ) {
|
if ( $export ) {
|
||||||
emit ( qq(SHAREDIR=$shorewallrc{SHAREDIR}/shorewall-lite),
|
emit ( qq(g_confdir=$shorewallrc{CONFDIR}/shorewall-lite),
|
||||||
qq(CONFDIR=$shorewallrc{CONFDIR}/shorewall-lite),
|
|
||||||
qq(VARDIR=$shorewallrc{VARDIR}/shorewall-lite),
|
|
||||||
'g_product="Shorewall Lite"',
|
'g_product="Shorewall Lite"',
|
||||||
'g_program=shorewall-lite',
|
'g_program=shorewall-lite',
|
||||||
'g_basedir=/usr/share/shorewall-lite',
|
'g_basedir=/usr/share/shorewall-lite',
|
||||||
|
qq(VARDIR=$shorewallrc{VARDIR}/shorewall-lite),
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
emit ( qq(SHAREDIR=$shorewallrc{SHAREDIR}/shorewall),
|
emit ( qq(g_confdir=$shorewallrc{CONFDIR}/shorewall),
|
||||||
qq(CONFDIR=$shorewallrc{CONFDIR}/shorewall),
|
|
||||||
qq(VARDIR=$shorewallrc{VARDIR}/shorewall),
|
|
||||||
'g_product=Shorewall',
|
'g_product=Shorewall',
|
||||||
'g_program=shorewall',
|
'g_program=shorewall',
|
||||||
'g_basedir=/usr/share/shorewall',
|
'g_basedir=/usr/share/shorewall',
|
||||||
|
qq(VARDIR=$shorewallrc{VARDIR}/shorewall),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
emit( 'g_family=6' );
|
emit( 'g_family=6' );
|
||||||
|
|
||||||
if ( $export ) {
|
if ( $export ) {
|
||||||
emit ( qq(SHAREDIR=$shorewallrc{SHAREDIR}/shorewall6-lite),
|
emit ( qq(g_confdir=$shorewallrc{CONFDIR}/shorewall6-lite),
|
||||||
qq(CONFDIR=$shorewallrc{CONFDIR}/shorewall6-lite),
|
|
||||||
qq(VARDIR=$shorewallrc{VARDIR}/shorewall6-lite),
|
|
||||||
'g_product="Shorewall6 Lite"',
|
'g_product="Shorewall6 Lite"',
|
||||||
'g_program=shorewall6-lite',
|
'g_program=shorewall6-lite',
|
||||||
'g_basedir=/usr/share/shorewall6',
|
'g_basedir=/usr/share/shorewall6',
|
||||||
|
qq(VARDIR=$shorewallrc{VARDIR}/shorewall6-lite),
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
emit ( qq(SHAREDIR=$shorewallrc{SHAREDIR}/shorewall6),
|
emit ( qq(g_confdir=$shorewallrc{CONFDIR}/shorewall6),
|
||||||
qq(CONFDIR=$shorewallrc{CONFDIR}/shorewall6),
|
|
||||||
qq(VARDIR=$shorewallrc{VARDIR}/shorewall6}),
|
|
||||||
'g_product=Shorewall6',
|
'g_product=Shorewall6',
|
||||||
'g_program=shorewall6',
|
'g_program=shorewall6',
|
||||||
'g_basedir=/usr/share/shorewall'
|
'g_basedir=/usr/share/shorewall'
|
||||||
|
qq(VARDIR=$shorewallrc{VARDIR}/shorewall6}),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -31,7 +31,6 @@
|
|||||||
#
|
#
|
||||||
get_config() {
|
get_config() {
|
||||||
local prog
|
local prog
|
||||||
local confdir
|
|
||||||
|
|
||||||
ensure_config_path
|
ensure_config_path
|
||||||
|
|
||||||
@ -49,10 +48,7 @@ get_config() {
|
|||||||
|
|
||||||
if [ -f $config ]; then
|
if [ -f $config ]; then
|
||||||
if [ -r $config ]; then
|
if [ -r $config ]; then
|
||||||
confdir=${CONFDIR}
|
|
||||||
CONFDIR=${g_confdir}
|
|
||||||
. $config
|
. $config
|
||||||
CONFDIR=${confdir}
|
|
||||||
else
|
else
|
||||||
echo "Cannot read $config! (Hint: Are you root?)" >&2
|
echo "Cannot read $config! (Hint: Are you root?)" >&2
|
||||||
exit 1
|
exit 1
|
||||||
@ -382,7 +378,7 @@ compiler() {
|
|||||||
#
|
#
|
||||||
# Get the config from $g_shorewalldir
|
# Get the config from $g_shorewalldir
|
||||||
#
|
#
|
||||||
[ -n "$g_shorewalldir" -a "$g_shorewalldir" != /etc/$g_program ] && get_config
|
[ -n "$g_shorewalldir" -a "$g_shorewalldir" != ${g_confdir} ] && get_config
|
||||||
|
|
||||||
case $COMMAND in
|
case $COMMAND in
|
||||||
*start|try|refresh)
|
*start|try|refresh)
|
||||||
@ -407,7 +403,7 @@ compiler() {
|
|||||||
shorewallrc=$(find_file shorewallrc)
|
shorewallrc=$(find_file shorewallrc)
|
||||||
[ -f "$shorewallrc" ] || fatal_error "Compiling for export requires a shorewallrc file"
|
[ -f "$shorewallrc" ] || fatal_error "Compiling for export requires a shorewallrc file"
|
||||||
else
|
else
|
||||||
shorewallrc="${g_sharedir}/shorewall/shorewallrc"
|
shorewallrc="${g_basedir}/shorewallrc"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
options="--verbose=$VERBOSITY --family=$g_family --config_path=$CONFIG_PATH --shorewallrc=${shorewallrc}"
|
options="--verbose=$VERBOSITY --family=$g_family --config_path=$CONFIG_PATH --shorewallrc=${shorewallrc}"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user